When the Network Monitor server is rebooted, the monitor does not begin capturing traffic. Once the monitor is recycled within the console, it then begins capturing traffic. No packets are seen.

Relevant Versions: all supported

This issue occurs when:

1. WinPcap is not installed properly. Reinstall WinPcap. Check to see if the Network monitor is capturing traffic.  You may have to recycle the server.

or

2. The registry key does not get updated to load NPF driver at startup.

• Once a privileged user runs "net start npf" or an application uses WinPcap (e.g., Wireshark), it is loaded permanently and available for all applications to use. 

To resolve this issue in Windows, update the registry settings:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF

The REG_DWORD value called "Start" should have its data changed to '1'. This ensures that npf.sys loads at system start instead of on demand.